General

  • Target

    bank details.r15.rar

  • Size

    904KB

  • Sample

    221101-nqkmvacdfk

  • MD5

    7752e1121cafb76748fae4f99f5522ae

  • SHA1

    757eb31e2e5ee6ad6b1a5f44b0605ed2f74d5316

  • SHA256

    22a0b954b212c67cd830803233f24b80efbb977f1abf2f2111c2dfcd5689349c

  • SHA512

    c89651d9cc33b79ec5db12ed47cd2ff7eac85171fee17bffd020afde843f595bf128ad2a974e621efb7c226286f0f077d1ff8ac499b712f91ce2006f255fcdd3

  • SSDEEP

    24576:Tpgf2roHpBUdrQn5VEH4PwJ6NsnNWjbMF:VgeEnUdrAVkJJgjbMF

Malware Config

Targets

    • Target

      bank details.exe

    • Size

      1.1MB

    • MD5

      e2d07c1194008eacff161c48fcb8b1c5

    • SHA1

      5436041b87687cc33fc7cc00dd10d0ed7249fe73

    • SHA256

      a04c0b0273560589235ee79ec27c895ca5d8c4e3e389a13ed6efca03a552e650

    • SHA512

      d251aaad669ea2a654037e062299569803c905477b0f9f8159c66d991608653fdffbc41abd6c24521fb31dfe6ef0299583690d07cc15bead5f269c9909b82939

    • SSDEEP

      24576:H77e4piFmw5WhGAwp7cKCocrGiPBFDDdOCNKWU:tKlWh67cfocrdPcmKz

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks